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64 - Samba Server (Server Message Block) 


A - Description of SAMBA and what it can do 
- Joint agreement of use between Microsoft and IBM to communicate low-level Data between 
Windows and IBM UNIX Servers on a TCP/IP network. 
It was used as their standard since the days of DOS 3.0 
- Does Windows 95/98 authentication, File and Printer sharing 


B - Who created Samba and where to get it and where is help (section 20) 
Created by Andrew Tridgel at home in Australia in 1991 


To get it: 
- In SuSE distribution or 
- http://www.samba.org 


C - Install Samba with YaST (Appendix A) 
- Series 'n' 
- Turn START_SMB in SuSE Config Datei /etc/rc.config 


D - Setting-up minimal settings in /etc/smb.conf (Appendix - B and H) 


E - Start and Stop Samba (Section 18) 


F - SMB Protocol and where it's used (Section 1) 


G - Theory of protocols stacks: (Section 2,6 + Appendix G) 
- BIOS 
- NetBIOS, NetBIOS over TCP/IP, NetBEUI, NetBIOS over IPX (Section 2 & Appendix - E) 
- SMB/CIFS Protocol uses NetBIOS (CIFS is implemented in Win2000) 
- NetBIOS services (in /etc/services): (Section 6) 


Name Service----------- > netbios-ns Port 137 
Datagram Service------- > netbios-dg Port 138 
Session Service-------- > netbios-ssn Port 139 


H - NetBIOS and Windows environment (Sections 3, 4, 5, 7, 8, 9, 11) 
- NetBIOS Name Server NBNS (Section 3 & 4) 
- Workgroup (Section 5) 
- Windows Domain = Workgroup + Domain Controller (Section 7 & 8) 
- Local Master Browser and Local Backup Browser (Section 9) 
- Name Service (NBNS and WINS) (Section 11) 


| - What Services Samba can do (section 13) 
J - What are the files involved in the Service (section 14) 
K - Configuration of [Global] of smb.conf (section 15 / Appendix - B and H) 


L- Configuration of the Shares (Directories) of smb.conf (section 16) 
- [Homes] Directories 
- [Printers] 
- [Extra shares] 

M - Setting-up Users for authentication (section 17) 


N - Troubleshooting Samba (see appendix C and D) 
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M - Special settings for Samba as PDC (logon server) (Section 16) 
O - Using SWAT to configure Samba (section 19) 

P - Connect to Samba from Linux - local or remote (section 21) 

Q - Variables substitutions in smb.conf (Appendix F) 


R - Windows Domains spreading over Multiple Subnets (Section 10/Appendix G) 
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1 - SMB Protocol introduction and Opersating Systems that uses it 
2.1 - SMB Protocol allows: 
- Serve UNIX files to Windows, OS/2, and others 
- Serve Network Printers to to Windows clients 
- Provide Name service (broadcast and WINS) 
- Allow UNIX Clients to access PC files 


2.2 - OS that uses SAMBA: 
- Windows 95/98 
- WINDOWS NT /2000 
- UNIX 
- Open VMS 
- OS/2 
- AmigaDOS 
- Netware 


2 - BIOS, NetBIOS and NetBEUI Protocols (Appendix - E) 


BIOS: Description and diagram (see BIOS Diagram) 
- Use the diagram and the MacDonnald Burger stores example. 
- Same Menu over all stores but different kitchens, cooks, tellers, Heating 
equipment, etc. 


NetBIOS: Network Basic Input/Output System 
Basic Network API for low Ilevel transport protocol that transport requests and responses across a 
network from one computer to another. 
See. /etc/services Service no 
137 NetBIOS-ns (name server) 
138 NetBIOS-dgm(Datagram) 
139 NetBios-ssn(Session Service) 


NetBEUI : NetBIOS Extended User Interface 
NetBIOS designed for LAN (fewer than 255 nodes) that let machines claim a unique name (max 15 
char) . Very popular with Windows For Workgroups. 
Later Novel implemented NetBIOS over IPX 


NetBUI uses names and TCP/IP uses numbers to identify machines 


From this standards became known as NetBIOS over TCP/IP (NBT) which developed 3 services: 
Name service, Datagrams, Sessions 


Name Service solves the Name to number problem seen above (No DNS) 
Datagrams and Sessions are data transfer protocols 


With NetBIOS each machine that comes online claims a name. 
It's called: Name registration. It is done to aNetBIOS Name Server(NBNS) 
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3 - Name to IP resolution: 


To resolve the name to an IP Address it uses 2 methods: 


Broadcast: Request sent to all machines to resolve a specific name. 
The concerned machine answers back with it's IP 
This method is for networks without a NBNS or for single 
subnets. 


NBNS: Ask the NetBIOS Name Server for name to IP resolution 
Prefered in larger LANS with more than one subnet where 
routers don't allow broadcasting across different subnets. 


Each machine gets to be designated a noded type as per its way of doing name registration and 
Name resolution: 


b-node Uses only broadcast for name registration and name resolution 
p-node Uses NBNS for registration and resolution 
m-node Uses broadcast for name registration. It notifies the NBNS server of the result. 
It uses broadcast for resolution. If not successfull uses NBNS. 
h-node Uses NBNS server for registration and resolution. If not sucessfull, then uses 
broadcast. 


Windows innvented and uses h-nodes which are more fault tolerant then the others. 
Under Windows the command ipconfig /all gives the Node Type as well as other info. 


4 - NetBIOS names: 
- NetBIOS names are NOT composed of dots for domaines. 
- Limited to Max 15 char long 
- Only Normal chars are allowed as well as:!@#$%*&()-{}.~ 
- Period '.' is allowed but not guaranteed to work in next version of NetBIOS over TCP/IP. 
- All DNS names are valid NetBIOS names. eg. phoenix.ora.de is PHOENIX for NetBIOS 
- Names have a 16th byte that tells what services it offers. It needs to register its name as many 


times as it has services to offer. 


- The command NBTSTAT on Windows machine tells the list of services offered: 


* 


* 


the number of each service is enclosed in < > . eg. PHOENIX <00> 


List of standard services: 

<00> Standard Workstation service 
<03> Messenger Service (WinPopup) 
<06> RAS Server Service 

<1B> Domaine Master Browser Service for Primary Domain controller 
<1D> Master Browser Name 

<1F> NetDDE service 

<20> File Server including Printer Server 
<21> RAS Client Service 

<BE> Network Monitor Agent 

<BF> Network Monitor Utility 
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5 - Workgroups and SMB Groups 


- WORKGROUP: Name for a group of computers and resources on a SMB Network 

- SMB Groups are the same as Workgroups 

Group names have the following attributes shown with the command NBTSTAT -a servername 
<00> Standard Workstation Group 

<1B> Domain Master Browser Name 

<1C> Logon Server Name 

<1D> Local Master Browser Name 

<1E> Normal Group Name (used in browser elections) 

<20> Internet Group Name (administrative) 

<01> <01><02>_ MSBROWSE__<02> 


__-MSBROWSE__ is used to announce a group to other Master Browsers 


6 - Datagrams and Sessions 
NBT Datagrams - Used to send messages and data that need no confirmation: 
- Uses UDP. 
- Used to broadcast to multiple NetBIOS machines. 
- Unreliable. 


NBT Sessions - Used to transmit messages and data that need confirmation. 
- Uses TCP. 
- Always occur between 2 and only 2 NetBIOS Machines. 
- Is the method used by resource sharing on NBT network. 


7 - Windows Domains 
- A Windows Domain is a Windows Workgroup with one or more Domain Controller. 
- A Domain Controller is a Logon Server: 
- There are 2 different protocols used by Domain Controllers: 
- Windows 95/98 Supported by Samba 
- Windows NT Not Supported yet by Samba...Maybe in version 2.1 
- A Domain Controller is the center of Windows Domaine 
- No Domain Controller....No Windows Domain (also called Windows NT Domain) 
- The main function of a Domain Controller concerned here for Samba is: 
- Authentication: Granting the access of shared resources on resources servers. 
It uses Security Account Manager (SAM) to maintain users/passwords 
lists. 


- Process of sharing resources on a server: 
- Each time a non-authenticated client wants a resource on a server, the server asks the 
Domain Controller to authenticate the client. If it is correct, shared resources with pre- 
selected privileges are accessible to him. If not it will be refused the access. 


Note: On the Resource Server an authenticated client carry a token given by the Domain 
Controller that allows him to use other shared resources in the same Domain. 


8 - Primary and Backup Domain Controllers 
- The active Domain Controller is called Primary Domain Controller (PDC) 
- The Backup Domain Controllers(BDC) are there to take over in case the PDC doesn't respond 
- The BDC sychronizese periodically with PDC for users/passwords lists (SAM). 
This SAM List is Read-Only on BDC. Changes are made only on the PDC. 
- Samba can only serve as a PDC and not a BDC 
- Samba as PDC can only be used for authentication 
- Other PDC functions are maybe available in Samba version 2.1 as full PDC for NT clients. 
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9 - Browsing 
- Is the function of scanning for all available machines, workgroups and domaines on a Windows 
Network. 
- On windows machine the browsing function is triggered by clicking on the Network Neighborhood. 
- There are 2 types of Browsing: 
- List of machines on a network 
- List of resources on a specific machine 
- A Local Master Browser is responsible for keeping a list of machines that are accessible in the 
Windows Domain. The list is called Browse List 
- Each Windows Domain(workgroup) needs at least one Local Master Browser 
- Local Master Browser Machines are used to avoid too much network traffic of individual machine 
polling. 
- To get the list of Resources on a Server, the Client authenticates itself, if not already done, and 
gets the resource list from the server. 
- Each Resource Server is required to announce itself to the Local Master Browser at boot-up 
and shutdown. The Local Master Browser records what the Resource Server has announced. 
- Note: The Local Master Browser may or may not also be the NetBIOS Name Server. 
- Any Windows Machine can act as a Local Master Browser if it advertizes this service. 
- A Local Master Browser is selected by an election process: 
- This election process selects the Local Master Browser and Local Backup Browser(s) 
- The election selection is according to the following criterias: 
- Version of election protocol used 
- Operating system on the machine 
- Amount of time the client has been on the network 
- Hostname of the client. 
- This above information is broadcasted via Datagrams to other computers 
- An new election of Local Master Browser and Backups takes place every time a new computer 
comes online registers itself. 
- Backup Browsers are selected during election according to the following rules: 
Network Hosts Number of Backup Browsers selected 


1 to 32 NT Workstations 1 
or 1 to 16 Win95/98 


33 to 64 NT Workstations 2 
or 17 to 32 Win95/98 


for each extra 32 NT Workstations 1 more Backup Browser 
or 16 Win95/98 


10 - Windows Workgroup spreading over multiple subnets. 


- The same Primary Domain Controller can be used across the subnets 
- The Local Master Browser is not so easy. 
- Each subnet needs a Local Master Browser 
- Each Windows Domain needs a Domain Master Browser. 
- The Main Browse List is maintained in the Domain Master Browser 
- Each Local Master Browser synchronizes its Browse List with the Domain Master 
Browser 
Difficulties in this design: 
- The Primary Domain Controller(NT only) must be the Domain Master Browser 
also. Therfore Windows 95/98 cannot become a Domain Master Browser 
- Windows 95/98 cannot become a Local Master Browser because they cannot 
contact the Domain Master Browser. 
- This forces each subnet to have at least one NT machine used as Local Master 
Browser or as Domain Master Browser. 
- Each Local Master Browser is maintaining its own Subnet Browse List and synchronizes with the 
Domain Master Browser to get the Browse List of other subnets. 
This is called Browse List propagation. 
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11- Windows Internet Name Service (WINS) 


- WINS is Microsoft's implementation(version) of NetBIOS Name Service. 
- They are not related to any Domain or Workgroup. They can serve anyone. 
- Names are flat and not hieharchy. eg. hostname can be : fred, harry and Workgroup like USA, 


KANADA, DEUTSCHLAND etc. 


- The WINS is dynamic: Each host must register its Hostname, IP Address, Workgroup to the WINS 
periodically to announce it's presence in the network. 

- WINS requests can cross multiple subnets to access the WINS server. 

- The WINS server IP Address is set in each host that wants to use it 

- The Active WINS server is the Primary WINS Server. Multiple Secondary WINS servers can co- 


exist in a network. 


- The choice of Primary and Secondary WINS Servers is static and chosen by the network 
administrator and not done through elections. 
- Only NT Workstations and NT Servers can be used as WINS Server. 


12 - Windows Network Environment in short: 


Description 


Protocol used to perform client/server networking 
used by: Windows, OS/2, Open VMS, AmigaDOS and 
Netware. 


New name for SMB in future Windows implementations 
Operating System's connection to the local devices 
Interface/protocol to transport data across network 
Single physical network connection. Usually a host 


Network Protocol based on NetBIOS to be used for 
small LAN(<255 nodes) and using a 15 Letters (max) 
as hostnames. 
Resolves NetBIOS names to IP Address. 
If not present in a network the hosts use the broadcast 
mechanism to resolve Name to IP address. 
This is depending the node type of each host. 
Services offered (ports 137,138,139) to allow NetBIOS 
protocol to be transported over TCP/IP. It provides: 

- Name service 

- Datagram data/messages Transport (UDP) 

- Sessions data transport (TCP) 
Group of computers belonging to the same group name 
Workgroup having at least one Domain Controller 
Responsible for authentication of clients for access to shared 
resources on servers belonging to the same Domain. 
Kicks-in when the Primary Domain Controller doesn't respond. 
Many BDC can be used for the same Domain. 


Abreviation Meaning 

SMB Server Message Block 

CIFS Common Internet File System 
BIOS Basic Input/Output System 
NetBIOS Network BIOS 

node Network Connection 

NetBEUI NetBIOS Extended User Interface 
NBNS NetBIOS Name Server 

NBT NetBIOS over TCP/IP 

--- Windows Workgroup 

--- Windows Domain 

PDC Primary Domain Controller 
BDC Backup Domain Controller 
SAM Security Account Manager 


Resource Servers 


Listing method used by PDC and BDC for storing and managing 
Usernames/Passwords for Authentication. 

Hosts that provide resources to be shared with other clients in a 
network environment. 
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--- Domain Master Browser Serves and Maintains list of Resource Servers for an entire 


Domain. The Domain is normally spreading over more than one 
subnet. 
Only NT machines can be Domain Master Browser. 


--- Local Master Browser Serves and Maintains list of Resource Servers for a subnet. 


Often a Domain is contained within a single subnet. 

It is chosen by elections. 

Any Windows Machine can be Local Master Browser. 

If the Domain spreads over more than one subnet, then only NT 
Workstation/Server may be Local Master Browser. 


WINS Windows Internet Name Service 


Microsoft's Implementation of NetBIOS Name Service(NBNS) 
- Can be Primary or Secondary 
- Chosen by system administrator 


13 - What Samba can do 


File Server Yes 

Printer Server Yes 

Primary Domain Controller Yes (Authentication only!, Samba 2.1 is Recomended) 
Backup Domain Controller No 

Windows 95/98 Authentication Yes 

Local Master Browser Yes 

Local Backup Browser No 

Domain Master Browser Yes 

Primary WINS Server Yes 

Secondary WINS Server No 


14 - Programs involved with the Samba Package 


smbd Main Daemon responsible for 

- sharing resources (File, Print & Browser(for local resources only) 

- All notifications between client and Samba Server 

- User Authentication 

- Resource Locking (File lock for access to same files by multi users) 

- Data Sharing through SMB Protocol 
nmbd Secondary Daemon responsible for: 

- Windows Internet Name Server (WINS) 

- NetBios Name Server (NBNS) 

- Local Master Browser functionality through elections 
smbclient An FTP-like Unix Client that can be used to connect to Samba Shares 
nmblookup A program that provides NetBIOS over TCP/IP name lookups 
lmhosts Samba NetBIOS Name Service Hosts File. Same location as smb.conf 

smbmount Mounts an 'smb' resouurce to linux. Kernel must support 'smb' filesystem 
nmblookup Uses the WINS to do a NetBIOS Name Lookup 
smbspool Spools a job into a Samba Shared Printer 
smbstatus Display different Samba status info 
smbtar Program to backup shared files 
smbpasswd Management program for Samba Users/Passwords file /etc/smbpasswd 
testparm Checks the validity of smb.conf file 
swat Web Oriented Samba configuration program 
addtosmbpass Script that add a list of usernames into the smbpasswd file 


convert_smbpasswd Script that converts Samba version 1.9.18 into version 2.0.x 


rpcclient 
testprns 
findsmb 


Allow to debug the rpc 
Checks the validity of a printer name 
Finds smbservers in the network 
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15 - Setting-up minimal settings in /etc/smb.conf 
Configuration file (smb.conf) Global Directives 


[Global] 


# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 
workgroup = WORKGROUP 


# server string is the equivalent of the NT Description field 
server string = Samba Server 


This option is important for security. It allows you to restrict 
connections to machines which are on your local network. The 
following example restricts access to two C class networks and 
the "loopback" interface. For more examples of the syntax see 
the smb.conf man page 


SHE He He He He 


hosts allow = 192.168.10. 192.168.11. 192.168.12. 127. 


If you want to automatically load your printer list rather 
than setting them up individually then you'll need this 
Not needed if each printer is defined separately. 

load printers = yes 


you may wish to override the location of the printcap file 

Usable only if NOT 'printing = cups' below 

printcap name = /etc/printcap 

on SystemV system setting printcap name to lpstat should allow 
you to automatically obtain a printer list from the SystemV spool 
system 

Usable only if NOT 'printing = cups' below 

printcap name = lpstat 


SH SHE HE SHE HE HE 


SHE =H He He $+ 


` 


It should not be necessary to specify the print system type unless 
it is non-standard. Currently supported print systems include: 
bsd, sysv, plp, lprng, aix, hpux, qnx, cups 

From version 2.06 the 'cups' is also possible 


SHE E E H 


printing = cups 


# Uncomment this if you want a guest account, you must add this to 
# /etc/passwd 

# otherwise the user "nobody" is used 

# This directive can also be used inside a File Share section that 
# has 'guest ok' or 'public' set to 'yes' 

guest account = nobody 


# this tells Samba to use a separate log file for each machine 
# that connects 
# log file = /usr/local/samba/var/log.%m 


# Otherwise the following log file will be used 
log file = /var/log/samba 


# Amount of debugging information sent to the Samba Log file (above) 
# Normally set to 1 set to 7 for debugging. 3 or less is best performance 
loglevel = 7 


# Put a capping (max size) on the size of the log files (in Kb). 
max log size = 50 


Security mode. Most people will want user level security. See 
security_level.txt for details. 

Can be 

'share' Services have a shared Password 

'user' Users have a Unix user account and password in ( 
'server' Users have accounts and Password in another machine that 
authenticate the user for Samba 


SHE He E E E He H 
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# In thi case see the directive 'password server' (below) 


# and ‘encrypted passwords' (below) 

security = user 

# Use password server option only with security = server 

; password server = <NT-Server—Name> 

# You may wish to use password encryption. Please read 

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. 
# Do not enable this option unless you have read those documents 

# Deafult is set to No 

# Windows 95 uses only Plain Text passwords. 

# Windows 98 uses Encrypted passwords as default. 

# Windows NT uses Encrypted passwords as default. 

# ------- Windows 98 -------- 

# To set the Windows 98 password to Plain text enter the following 
# settings in the System registry using the REGEDIT.EXE 

# [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP] 
# "“EnablePlainTextPassword"=dword:00000001 

$ —------ Windows NT -------- 

# To set the Windows 98 password to Plain text enter the following 
# settings in the System registry using the REGEDIT.EXE 

# [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] 
# “EnablePlainTextPassword"=dword:00000001 


encrypt passwords = yes 


# Using the following line enables you to customise your configuration 
# on a per machine basis. The %m gets replaced with the netbios name 

# of the machine that is connecting 

; include = /usr/local/samba/1ib/smb.conf.%m 


# Most people will find that this option gives better performance. 
# See speed.txt and the manual pages for details 
socket options = TCP_NODELAY 


# Configure Samba to use multiple interfaces 

# If you have multiple network interfaces then you must list them 
# here. See the man page for details. 

interfaces = 192.168.10.166/24 192.168.11.166/24 


# Browser Control Options: 

# set local master to no if you don't want Samba to become a master 

# browser on your network. Otherwise the normal election rules apply 

# If you enable the option 'domain master' to yes, this option has no effect 
# local master = yes 
# 
# 
# 
# 
o 


OS Level determines the precedence of this server in master browser 
elections. The default value should be reasonable 

WfW and Win 95/98 uses 1, Win NT Client uses 17, Win NT server uses 33 
Setting it to 34 or higher will win the elections on any network. 
s level = 34 


# Domain Master specifies Samba to be the Domain Master Browser. This 
# allows Samba to collate browse lists between subnets. Don't use this 
# if you already have a Windows NT domain controller doing this job 

# Enable this to 'yes' if this server is set to be a Primary Domain 

# Controller 

domain master = yes 


# Preferred Master causes Samba to force a local browser election on startup 
# and gives it a slightly higher chance of winning the election 

# if the os level is set accordingly 

preferred master = yes 


# Use only if you have an NT server on your network that has been 
# configured at install time to be a primary domain controller. 

# It is now DEPRECATED and should neot be used unless realy needed 
; domain controller = <NT-Domain-Controller-SMBName> 
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# Enable this if you want Samba to be a domain logon server for 

# Windows95 workstations. 

# It is mostly needed for profiles download from Samba server 

# Normally commented out. Default is set to No 

# domain logons = yes 

# if you enable domain logons then you may want a per-machine or 

# per user logon script 

# run a specific logon batch file per workstation (machine) 

; logon script = %m.bat 

# run a specific logon batch file per username 

; logon script = %U.bat 

# Where to store roving profiles (only for Win95 and WinNT) 

# SL substitutes for this servers netbios name, %U is username 

# You must uncomment the [Profiles] share below 

# See the Variabel substitutions sheet (separate) to understand the %... 
; logon path = \\%L\Profiles\%U 

# Windows Internet Name Serving Support Section: 

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server 
wins support = yes 

# WINS Server - Tells the NMBD components of Samba to be a WINS Client 

# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both 
; wins server = w.x.y.zZ 

# WINS Proxy - Tells Samba to answer name resolution queries on 

# behalf of a non WINS capable client, for this to work there must be 

# at least one WINS Server on the network. The default is NO. 


wins proxy = yes 


Se He HE HE HE HE 


DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names 
via DNS nslookups. The built-in default for versions 1.9.17 is yes, 
this has been changed in version 1.9.18 to no. 

dns proxy = no 


Extra parameters from manual installation --Root 
Where the Samba password file reside. Default is /etc/smbpasswd 


smb passwd file =/etc/smbpasswd 
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16 - Configuration file (smb.conf) shares definitions 


16.1 - User home directories resource access 
[homes] is a reserved share name and should be used only for the following purpose. 
This section allows to set the access parameters specific to each user's home directory already 
created and owned by the user on the Linux Machine where Samba runs. 


Typical configuration: 


[homes] 
comment = Home Directories ;Title shown under the Resource Icon in Windows 
browseable = no ; Do not allow to be displayed to other users 
writable = yes ; Allow user to write files and create directories 
read only = no ; Same as Read only = no but makes suer it is the case 
printable = no ; Do not announce this resource as a Printer 
create mode = 0700 ; set the access rights for the newly created files 
directory mask = 0700 ; set the access rights for the newly created directories 


16.2 - Network logon settings 
Setting up Samba as Primary Domain Controller (Logon Server) 
[global] 
security = user 
os level = 34 
local master = yes 
prefered master = yes 


domain logons = yes 
domain master = yes 
[netlogon] 
comment = The Domain Logon Service 


(Path: doesn't matter where it points to as long as it exists) 
path = /usr/local/samba/logon 

guest ok = yes 

writable = no 

browsable = no 


# Un-comment the following and create the netlogon directory for Domain Logons 
; [netlogon] 
s comment = Network Logon Service 
(Path: doesn't matter where it points to as long as it exists) 
path = /usr/local/samba/lib/netlogon 
guest ok = yes 
writable = no 
share modes = no 
browsable = no 


Ne Ne Ne Ne Ne 


# Un-comment the following to provide a specific roving profile share 
# the default is to use the user's home directory 

#[Profiles] 

# path = /usr/local/samba/profiles 

# browseable = no 

# guest ok = yes 


16.3 - Printers Access 


16.2.1 - Section that anounce all available printers 


# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer 
[printers] 

comment = All Printers 

path = /var/spool/lpd/samba 

browseable = no 
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# Set public = yes to allow user 'guest account’ to print 
public = yes 
guest ok = yes 
writable = no 
printable = yes 
load printers = yes 
create mode = 0700 


16.2.2 - Sections that anounce single printers 


# HP Laserjet 6L (PCL) 
# Basic cups Laserjet minimal instructions 
[LaserJet] 


printable = yes 
printer = laserjet 
printing = cups 
read only = yes 
guest ok = yes 
# The following parameters can also be set. 


# The settings shown in <...> are the default settings 
#[LaserJet2] 

# printable = < no > 

# printer = Laserjet@server 

# print command = < lpr -r -P%p %s > 

# lpq command = < lpq -P%p > 

# lprm command = < lprm -P%p %j > 

# lppause command = < > 

# lpresume command = < > 

# queuepause command = < /usr/bin/disable %p > 
# queueresume command = < /usr/bin/enable %p > 
# path = < /var/spool/samba > 

# printing = cups 

# read only = yes 

# guest ok = yes 


16.4 - Directories/Files Serving directives 


# This one is useful for people to share files 
; [tmp] 

F comment = Temporary file space 

; path = /tmp 

; read only = no 

$ public = yes 


# A publicly accessible directory, but read only, except for people in 
# the "staff" group 
; [public] 

; comment = Public Stuff 

s path = /home/samba 

A public = yes 

; writable = yes 

; printable = no 

write list = @staff 
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# Other examples. 
# 


# A private printer, usable only by fred. 


Michel Bisson 


Spool data will be placed in fred's 


# home directory. Note that fred must have write access to the spool 


# directory, wherever it is. 


; [fredsprn] 

; comment = Fred's Printer 
A valid users = fred 

; path = /homes/fred 

A printer = freds_printer 
; public = no 

A writable = no 

rd 


printable = yes 


# A private directory, usable only by fred. 


# access to the directory. 
[fredsdir] 
comment = Fred's Service 
path = /usr/somewhere/private 
valid users = fred 
public = no 
writable = yes 


Ne Ne Ne Ne Ne Ne 


Note that fred requires write 


# a service which has a different directory for each machine that connects 
# this allows you to tailor configurations to incoming machines. You could 
# also use the %U option to tailor it by user name. 
# The %m gets replaced with the machine name that is connecting. 

[pchome ] 


comment = PC Directories 
path = /usr/pc/%m 
public = no 

writable = yes 


Ne Ne Ne Ne Ne 


A publicly accessible directory, 


read/write to all users. 


Note that all files created in the directory by users will be owned 
by the default user, so any user with access can delete any other user's 


Another user could of course be specified, 


be owned by that user instead. 


public = yes 
only guest = yes 
writable = yes 
printable = no 


in which case all files would 


# 
# 
# 
# files. Obviously this directory must be writable by the default user. 
# 
# 
[ 


# The following two entries demonstrate how to share a directory so that two 
# users can place files there that will be owned by the specific users. 

# In this setup, the directory should be writable by both users and 

# should have the sticky bit set on it to prevent abuse. 

# Obviously this could be extended to as many users as required. 

F 


; [myshare] 


path = /usr/somewhere/shared 
valid users = mary fred 
public = no 

writable = yes 

printable = no 

create mask = 0765 


Ne Ne Ne Ne Ne Ne NS 


Examples of my system at home 


[idefix] 
comment = Idefix 
path = / 
browseable = yes 
guest ok = yes 


comment = Mary's and Fred's stuff 
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read only = no 
locking = no 
writable = yes 


[all-linux] 
comment = Grafix, Proxix, and Obelix 
path = /mnt 
browseable = yes 
guest ok = yes 
read only = no 
locking = no 
writable = yes 
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17 - Linux Password files conversion to Samba format 


If the Global setting encrypt passwords is set to 'no' then Samba will use the regular /etc/passwd 
as its password file for authentication. 


The following instructions are only for the setting encrypt passwords is set to 'yes' 
17.1 - Converting the /etc/passwd to Samba format 


1 - To transfer the user's list from /etc/passwd to /etc/smbpasswd then Issue the command: 
cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd 
This above command will only transfer the user's list and not the passwords 


2 - Enter the Encrypted password one by one for each user into the /etc/smbpasswd with the following 
command: 
smbpasswd -U <username> 


17.2 - Entering new users as Samba users: 


1 - To create a home directory fo a new user we must enter the user as regular Linux user with the 
command: useradd -m <username> 

2 - Change its password as well with the command: passwd <username> 

3 - Enter the password into Samba system with the command: smbpaswd -a <username> 


Note: To Disable a user for Samba, issued the command: smbpaswd -d <username> 
To re-Enable a disabled user for Samba issue the command: smbpaswd -e <username> 


17.3 - Configure Windows 98 for user's account 


- Workgroup (in ‘Identification’ tab under Network) 

- Machine Name (in ‘Identification’ tab under Network) 
- User name (name given at login) 

- Change the password type in registry if needed 


18 - Start / Stop Samba 


SuSE has provided a link from /usr/sbin directory called resmb to help controlling Samba. 


To start Samba: resmb start 

To stop Samba: resmb stop 

To restart Samba: resmb restart Of rcsmb reload 
To get the status of Samba: resmb status 
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19 - SWAT - Samba Web Administration Tool 


19.1 - SYNOPSIS 
swat [-s smb config file] [-a] 


19.2 - DESCRIPTION 


This program is part of the Samba suite. 

swat allows a Samba administrator to configure the complex smb.conf file via a Web browser. 

In addition, a swat configuration page has help links to all the configurable options in the smb.conf file 
allowing an administrator to easily look up the effects of any change. 


swat is run from inetd 
19.3 - Swat command line Options 
-s <smb_config_file> The default configuration file path is determined at compile time. 
The file specified contains the configuration details required by 
the smbd server. This is the file that swat will modify. The 
information in this file includes server-specific information such as 
what printcap file to use, as well as descriptions of all the services 


that the server isto provide. See smb.conf (5) for more 
information. 


-a This option disables authentication and puts swat in demo mode. 
In that mode anyone will be able to modify the smb.conf file. 
Do NOT enable this option on a production server. 
19.4 - Installation SWAT 


After you compile SWAT you need to run "make install" to install the swat binary and the various help 
files and images. 


A default install would put these in: 
/usr/local/samba/bin/swat 
/usr/local/samba/swat/images/* 
/usr/local/samba/swat/help/* 
19.5 - INETD installation for SWAT 
You need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd. 


19.5.1 - In /etc/services you need to add a line like this: 


swat 901/tcp 


Note for NIS/YP users: 
You may need to rebuild the NIS service maps rather than alter your local /etc/services 


The choice of port number isn't really important except that it should be less than 1024 and not currently 


used (using a number above 1024 presents an obscure security hole depending on the implementation 
details of your inetd daemon). 
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19.5.2 - In /etc/inetd.conf you should add a line like this: 
swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat 


Once you have edited /etc/services and /etc/inetd.conf you need to send a HUP signal to inetd. 
To do this use "kill -1 PID" where PID is the process ID of the inetd daemon. 


Or for SuSE distribution, issue the command 
reinetd restart 


19.6 - Launching SWAT 

To launch swat just run your favorite web browser and point it athttp: //localhost : 901/ 

Note that you can attach to swat from any IP connected machine but connecting from a remote machine 
leaves your connection open to password sniffing as passwords will be 

sent in the clear over the wire. 


19.7 - Files Involved 


/etc/inetd.conf 
This file must contain suitable startup information for the meta-daemon. 


/etc/services 
This file must contain a mapping of service name (e.g., swat) to service port (e.g., 901) and protocol type 
(e.g., tcp). 
For downloaded version of Samba: 
/usr/local/samba/1ib/smb.conf 
This is the default location of the smb.conf server configuration file that swat edits. 
Other common places that systems install this file are /Usr/samba/lib/smb.conf and /etc/smb.conf. 


For SuSE distribution, Samba configuration file is at: 
/etc/smb.conf 


19.8 - WARNINGS 
swat will rewrite your smb.conf file. 
It will rearrange the entries and delete all comments, "include="" and "copy=" options. 


If you have a carefully crafted smb.conf then back it up or don't use swat! 
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20 - Help on Samba 


The Help files of Samba in SuSE distribution are found in 
/usr/doc/packages/samba/ directory 


The Html help files are in : 
/usr/doc/packages/samba/htmldocs/ directory 


The help on configuring Samba (smb.conf) is 
/usr/doc/packages/samba/htmldocs/smb.conf.5.html1 


Other html files are present to help use the extra programs provided with Samba. 


21 - Connecting Linux to Samba via - smbclient- 


Michel Bisson 


smbclient //<SambaServerName>/<DirShare> -U<username>%<password> 


This should get connected and the following prompt should appear: 
smb: \> 
Samba is ready to receive the following commands(same as FTP commands): 


? <command> Display help on command, ot list of possible commands 
help [<command>] Display help on command, ot list of possible commands 
! [<command> ] Runs the command or places the user in a shell 

dir [<filename>] List Remote Current Directory content 

ls [<filename>] List Remote Current Directory content 

cd </path> Change remote(server) directory 

led </path> Change the local (client) directory 


get <remotefile> [<localfile>]Transfers the file from server(remote) to client (local) 
put <localfile> [<remotefile>]Transfers the file from client(local) to server (remote) 


mget <matching pathern> Gets all file that matchs the pathern 

mput <matching pathern> Puts all file that matchs the pathern 

prompt Toggles prompting(asking) (on/off)for mget and mput 
lowercase ON OFF If ON Converts filenames to lowercase for mget and get 
del <filename> Delete the remote file on server 

md <directory> Create directory on server 

mkdir <directory> Create directory on server 

rd <directory> Delete the directory on server 

rmdir <directory> Delete the directory on server 


setmode <Filename> [+|-]rsha Sets the DOS fielsystem attribute bits, 
using unix-like modes. 
r = read-only, s = system, h = hidden, a = archive 


Tips for connecting to a Windows or Samba resources: 
Find the advertized SMB servers (Windows and samba server list) 
>smbclient -U% -L Localhost 


List the shares on a specific SMB server: 


>smbclient -U% -L <Server name from result above> -I <Server IP Address> 


22 - Mounting Windows or Samba to a Linux Directory via - smbmount- 


>smbmount //remotehost/share /mountpoint -o options 
e.g: 
> smbmount //192.168.10.200/transfer /mnt/remotesmb \\ 
-o username=charlie \\ 
password=jolly2fp \\ 
workgroup=WORKGROUP 


Appendix -A - Samba installieren 
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Samba - Linux als Server für Windows 
Paket samba aus der Serie »n« von SUSE CD 1 installieren 


Yast: Administration des Systems - Konfigurationsdatei ändern 
»START_SMB« auf »yes« setzen 


Die Datei /etc/smb.conf editieren 


[global] 

workgroup = WORKGROUP 
(WORKGROUP is the default workgroup name under Windows, 
but could be any other name) 

guest account = nobody 

keep alive = 30 

os level = 2 

security = user 

encrypt passwords = yes 

printing = bsd 

printcap name = /etc/printcap 

load printers = yes 

socket options = TCP_NODELAY 

map to guest = Bad User 

interfaces = ip of your host / 255.255.255.0 


[usr_disk] 

(this is not a necessary section, but just an example 
of a public directory) 

comment = Public Stuff 

public = yes 

path = /usr_disk 

writeable = yes 

printable = no 


[homes] 

comment = Homes Directories 
browseable = no 

read only = no 

create mode = 0744 

path = /private/%U 

directory mask = 0744 


[printers] 

comment = All Printers 
browseable = no 
printable = yes 

public = no 

read only = yes 

create mode = 0700 
directory = /tmp 
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[cdrom] (gives all users access to the Server's CD drive) 
comment = Linux CD-Rom 

path = /cdrom 

read only = yes 

locking= no 


Stop SAMBA Server with /sbin/init.d/smb stop 
Start SAMBA Server with /sbin/init.d/smb start 


Enter Username & Password for client (same as on Windows): 
smbpasswd -ea <username> 
password 


Install Client (Windows 98 for ex.) 


Installation of a Windows Client with SAMBA 
Open: Start -> Settings -> Control Panel -> Network 


Configuration 

TCP/IP ...Ethernet Adapter... 
Properties -> IP Address 
Specify an IP adress 

IP Address: 192.168.x.x 
SUBNET MASK: 255.255.255.0 


Identification 
Computer name: 
Workgroup: WORKGROUP (same as in smb.conf) 


reboot 


Open Network Neighborhood (icon on desktop) 

you should now see your Linux host!!! 

open it too, you should see your linux home directory 
and all the linux printer drivers (ascii, lp2, raw) 


Install a printer driver: 

open: Start -> Settings -> Printers -> Add Printer 
How is this printer attached to your computer? 
Network printer 


Network path or queue name 
\\ host name \ printer queue (use Browse) 


ex: \\SIRIUS\raw (if you install a PostScript® printer driver) 
\\SIRIUS\Ip2 (if you install a regular or PCL printer driver) 
continue to install normally your driver 


you should be able now to print !!! 
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Michel Bisson 


Appendix -B - Samba 2.0.6 "smb.conf" Default parameters 


The following list of 


> 


testparm smb.conf 


add user script = 
admin users = 


allow trusted domains = Yes 
alternate permissions = No 
announce as = NT 

announce version = 4.2 
available = Yes 


bind interfaces only = No 
blocking locks = Yes 
browseable = Yes 

browse list = Yes 

case sensitive = No 
change notify timeout = 60 
character set = 

client code page = 850 
coding system = 

comment = 
config file = 
copy = 
create mask = 0744 

deadtime = 0 

debug hires timestamp = No 
debug pid = No 

debug uid = No 

default case = lower 
default service = 

delete readonly = No 

delete user script = 

delete veto files = No 
dfree command = 

directory mask = 0755 
directory security mask = -1 
dns proxy = Yes 

domain admin group = 

domain admin users = 

domain groups = 

domain guest group = 

domain guest users = 


domain logons = No 

domain master = No 

dont descend = 

dos filetime resolution = No 
dos filetimes = No 

encrypt passwords = No 

exec = 


fake directory create times = 
fake oplocks = No 

follow symlinks = Yes 

force create mode = 00 

force directory mode = 00 
force directory security mode 
force group = 

force security mode = -1 
force user = 

fstype = NTFS 

getwd cache = Yes 

guest account = nobody 

guest ok = No 

guest only = No 

hide dot files = Yes 

hide files = 

homedir map = 

hosts allow 
hosts deny = 
hosts equiv = 
include = 
interfaces = 
invalid users = 
keepalive = 300 


kernel oplocks = Yes 
level2 oplocks = No 
im announce = Auto 


No 


[global] parameterscan be obtained with the command 


64 Samba.sxw - 22 


Linux-Kurs Themen - Samba - 9 June2003 


lm interval = 


local master = 
lock dir = /us 
locking = Yes 

log file = 

log level = 2 

logon drive = 

logon home = \ 
logon path = \ 
logon script = 


lpq cache time 
lpq command = 


lprm command = 
machine passwo 
magic output = 
magic script = 


60 


load printers = Yes 


Yes 
r/local/samba/var/locks 


\SN\ SU 
\SN\%U\profile 


lppause command = 


= 10 
lpq -P%p 


-presume command = 


j 
604800 


lprm -P%p 
rd timeout 


Il oe 


mangle case = No 


mangled map = 
mangled names 
mangled stack 
mangling char 
map archive = 
map hidden = N 
map system = N 
map to guest = 
max connection 
max disk size 
max log size = 
max mux = 50 
max open files 
max packet = 6 
max ttl = 2592 
max wins ttl = 
max xmit = 655 
message comman 
min passwd len 
min print spac 
min wins ttl = 
name resolve o 
netbios aliase 
netbios name = 


= Yes 

= 50 

Yes 

(0) 

(0) 
Never 
s=0 

= 0 
5000 


= 10000 
5535 
00 
518400 
35 
d= 
gth = 5 
e = 0 
21600 
rder = lmhosts host wins bcast 
s = 


NIS homedir = No 


nt acl support 


= Yes 


nt pipe support = Yes 


nt smb support 
null passwords 


= Yes 
= No 


ole locking compatibility = Yes 


only user = No 
oplock break w 
oplock content 
oplocks = Yes 
os level = 20 
panic action = 
passwd chat = 


ait time = 10 
ion limit = 2 


*new*password* %n\n *new*password* %n\n *changed* 


passwd chat debug = No 


passwd program 
password level 
password serve 
path = 
postexec = 
postscript =N 
preexec close 
preferred mast 
preload = 
preserve case 
printcap name 
print command 
printer driver 
printer driver 
printer driver 
printer name = 
printing = bsd 
print ok = No 
protocol = NT1 


= /bin/passwd 
=0 
= 


° 
= No 
er = No 


= Yes 
= /etc/printcap 
= lpr -r -P%p %s 
= NULL 
file = /usr/local/samba/lib/printers.def 
location = 


queuepause command = 


Michel Bisson 
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queueresume command = 
read bmpx = No 

read list = 

read only = Yes 

read prediction = No 
read raw = Yes 

read size = 16384 
remote announce = 
remote browse sync = 


restrict anonymous = No 
revalidate = No 
root directory = / 


root postexec = 
root preexec = 


root preexec close = No 
security = USER 

security mask = -1 

server string = Samba 2.0.6 


set directory = No 


shared mem size = 1048576 


share modes = Yes 

short preserve case = Yes 

smb passwd file = /usr/local/samba/private/smbpasswd 
smbrun = /usr/local/samba/bin/smbrun 

socket address = 0.0.0.0 

socket options = TCP_NODELAY 

stat cache = Yes 

stat cache size = 50 

status = Yes 


strict locking = No 
strict sync = No 
strip dot = No 

sync always = No 
syslog = 1 

syslog only = No 
time offset = 0 


time server = No 
timestamp logs = Yes 
unix password sync = No 
unix realname = No 
update encrypted = No 
use rhosts = No 
username = 

username level = 0 


username map = 
valid chars 
valid users 
veto files = 
veto oplock files = 
volume = 

wide links = Yes 
wins hook = 

wins proxy = No 
wins server = 

wins support = No 
workgroup = 

write list = 

write raw = Yes 


Michel Bisson 
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Appendix -C - Troubleshooting Samba 


1 - Checking parameters in smb.conf 
cd /etc 
testparm smb.conf 


2 - Check presence of Samba machine network 
Ping each other to see if the network respond 
note: If names are used then Name and IP entries must be present in DNS or in: 
/etc/hosts or \windows\Imhosts in windows 


3 - From Linus isssue the command: 
smbclient -L <SambaServerName or IPAddr.> 
Gives long unimportant list and last the available shares on the Samba Server 
3.b If Connection refused then check that the 'netbios-ssn' is in 
LISTEN mode with the command: 
netstat -a 


4 - Check the name to IP resolution of Samba itself on the server. 
nmblookup -B <SambaServerName> __SAMBA__ 


5 - Check the name to IP resolution of a client. 
(Mostly doesn't work properly for the moment.....!!!!!) 
nmblookup -B <clientname> '*' 


6 - Checking the presence of SMB hosts on the network 
nmblookup -d 2 '*' 


7 - Connect as client on the Samba Server directory shares 
smbclient //<SambaServerName>/<DirShare> -—U<username>%<password> 


This should get connected and the following prompt should appear: 
smb: \> 


See section 222 for list of availabel command of smbclient 


7 - Connect as client on the Samba Server Printer shares 
smbclient //<SambaServerName>/<PrinterShare> -U<username>%<password> 


This should get connected and the following prompt should appear: 
smb: \> 
Samba is ready to receive the following commands: 
print <filename> Prints the file to the printer 
printmode text|graphics Sets the printing mode to plain text or native printer binary 
queue Display the current queue for the current printer share 


8 - Checking the advertized services and workgroup on the server: 
nmblookup -S <servername> 
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9 - Check the SMB Shares listing of the server 


net view \\<SambaServerName> 


10 - To MAP a DOS drive to a Samba shares resource(directory) 
net use <DOSDrive>: \\<servername>\<ShareDir> 


e.g. 
net use F: \\SERVER\MYDIR 


Windows Explorer will then show the netwotk MYDIR directory as mapped to F: drive 
11 - EXTRA INFO from NetBIOS Environment 


Show the list of available names and groups and their services offered 
See section 4 and 5 fot details of results 


NBTSTAT -a servername 
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Appendix - D - DIAGNOSING YOUR SAMBA SERVER 


DIAGNOSIS.txt for Samba release 2.0.5a 22 Jul 1999 


Contributor: Andrew Tridgell 
Updated: October 14, 1997 
Subject: DIAGNOSING YOUR SAMBA SERVER 


This file contains a list of tests you can perform to validate your 
Samba server. It also tells you what the likely cause of the problem 
is if it fails any one of these steps. If it passes all these tests 
then it is probably working fine. 


You should do ALL the tests, in the order shown. I have tried to 
carefully choose them so later tests only use capabilities verified in 
the earlier tests. 


I would welcome additions to this set of tests. Please mail them to 
samba-bugs@samba.org 


If you send me an email saying "it doesn't work" and you have not 
followed this test procedure then you should not be surprised if I 
ignore your email. 


ASSUMPTIONS 


In all of the tests I assume you have a Samba server called BIGSERVER 

and a PC called ACLIENT. I also assume the PC is running windows for 
workgroups with a recent copy of the microsoft tcp/ip stack. Alternatively, 
your PC may be running Windows 95 or Windows NT (Workstation or Server). 


The procedure is similar for other types of clients. 


I also assume you know the name of an available share in your 
smb.conf. I will assume this share is called "tmp". You can adda 
"tmp" share like by adding the following to smb.conf: 


[tmp] 

comment = temporary files 
path = /tmp 

read only = yes 


THESE TESTS ASSUME VERSION 1.9.16 OR LATER OF THE SAMBA SUITE. SOME 
COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS 


Please pay attention to the error messages you receive. If any error message 
reports that your server is being unfriendly you should first check that you 
IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf 
file points to name servers that really do exist. 


Also, if you do not have DNS server access for name resolution please check 
that the settings for your smb.conf file results in "dns proxy = no". The 
best way to check this is with "testparm smb.conf" 


In the directory in which you store your smb.conf file, run the command 
"testparm smb.conf". If it reports any errors then your smb.conf 
configuration file is faulty. 


Note: Your smb.conf file may be located in: /etc 
Or in: /usr/local/samba/lib 


run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from 
the unix box. If you don't get a valid response then your TCP/IP 
software is not correctly installed. 


Note that you will need to start a "dos prompt" window on the PC to 
run ping. 
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If you get a message saying "host not found" or similar then your DNS 
software or /etc/hosts file is not correctly setup. It is possible to 
run samba without DNS entries for the server and client, but I assume 
you do have correct entries for the remainder of these tests. 


Another reason why ping might fail is if your host is running firewall 
software. You will need to relax the rules to let in the workstation 
in question, perhaps by allowing access from another subnet (on Linux 
this is done via the ipfwadm program.) 


Run the command "smbclient -L BIGSERVER" on the unix box. You 
should get a list of available shares back. 


If you get a error message containing the string "Bad password" then 
you probably have either an incorrect "hosts allow", "hosts deny" or 
"valid users" line in your smb.conf, or your guest account is not 
valid. Check what your guest account is using "testparm" and 
temporarily remove any "hosts allow", "hosts deny", "valid users" or 
"invalid users" lines. 


If you get a "connection refused" response then the smbd server could 

not be running. If you installed it in inetd.conf then you probably edited 
that file incorrectly. If you installed it as a daemon then check that 

it is running, and check that the netbios-ssn port is in a LISTEN 

state using "netstat -a". 


If you get a "Session request failed" then the server refused the 
connection. If it says "Your server software is being unfriendly" then 
its probably because you have invalid command line parameters to smbd, 
or a Similar fatal problem with the initial startup of smbd. Also 
check your config file (smb.conf) for syntax errors with "testparm" 
and that the various directories where samba keeps its log and lock 
files exist. 


There are a number of reasons for which smbd may refuse or decline 
a session request. The most common of these involve one or more of 
the following smb.conf file entries: 

hosts deny = ALL 

hosts allow = XXX.XXX.XXX.XXX/YY 

bind interfaces only = Yes 


In the above, no allowance has been made for any session requests that 
will automatically translate to the loopback adaptor address 127.0.0.1. 
To solve this problem change these lines to: 

hosts deny = ALL 

hosts allow = xxx.xxx.Xxx.xxx/yy 127. 
Do NOT use the "bind interfaces only" parameter where you may wish to 
use the samba password change facility, or where smbclient may need to 
access local service for name resolution or for local resource 
connections. (Note: the "bind interfaces only" parameter deficiency 
where it will not allow connections to the loopback address will be 
fixed soon). 


Another common cause of these two errors is having something already running 

on port 139, such as Samba (ie: smbd is running from inetd already) or 
something like Digital's Pathworks. Check your inetd.conf file before trying to 
start smbd as a daemon, it can avoid a lot of frustration! 


And yet another possible cause for failure of TEST 3 is when the subnet mask 

and / or broadcast address settings are incorrect. Please check that the network 
interface IP Address / Broadcast Address / Subnet Mask settings are correct and 
that Samba has correctly noted these in the log.nmb file. 


Run the command "nmblookup -B BIGSERVER __SAMBA _". You should get the 
IP address of your Samba server back. 


If you don't then nmbd is incorrectly installed. Check your inetd.conf 
if you run it from there, or that the daemon is running and listening 
to udp port 137. 


One common problem is that many inetd implementations can't take many 
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parameters on the command line. If this is the case then create a 
one-line script that contains the right parameters and run that from 
inetd. 


run the command "nmblookup -B ACLIENT '*'" 


You should get the PCs IP address back. If you don't then the client 
software on the PC isn't installed correctly, or isn't started, or you 
got the name of the PC wrong. 


Run the command "nmblookup -d 2 '*'" 


This time we are trying the same as the previous test but are trying 
it via a broadcast to the default broadcast address. A number of 
Netbios/TCPIP hosts on the network should respond, although Samba may 
not catch all of the responses in the short time it listens. You 
should see "got a positive name query response" messages from several 
hosts. 


If this doesn't give a similar result to the previous test then 
nmblookup isn't correctly getting your broadcast address through its 
automatic mechanism. In this case you should experiment use the 
"interfaces" option in smb.conf to manually configure your IP 
address, broadcast and netmask. 


If your PC and server aren't on the same subnet then you will need to 
use the -B option to set the broadcast address to the that of the PCs 
subnet. 


This test will probably fail if your subnet mask and broadcast address are 


not correct. (Refer to TEST 3 notes above). 
TEST 7 
Run the command "smbclient '\\BIGSERVER\TMP'". You should then be 


prompted for a password. You should use the password of the account 
you are logged into the unix box with. If you want to test with 
another account then add the -U <accountname> option to the end of 
the command line. eg: smbclient //bigserver/tmp -—Ujohndoe 
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Note: It is possible to specify the password along with the username 
as follows: 
smbclient //bigserver/tmp -Ujohndoe%secret 


Once you enter the password you should get the "smb>" prompt. If you 
don't then look at the error message. If it says "invalid network 
name" then the service "tmp" is not correctly setup in your smb.conf. 


If it says "bad password" then the likely causes are: 


- you have shadow passords (or some other password system) but didn't 

compile in support for them in smbd 

- your "valid users" configuration is incorrect 

- you have a mixed case password and you haven't enabled the "password 
level" option at a high enough level 

- the "path =" line in smb.conf is incorrect. Check it with testparm 

- you enabled password encryption but didn't create the SMB encrypted 
password file 


Once connected you should be able to use the commands "dir" "get" 
"put" etc. Type "help <command>" for instructions. You should 
especially check that the amount of free disk space shown is correct 
when you type "dir". 


On the PC type the command "net view \\BIGSERVER". You will need to do 
this from within a "dos prompt" window. You should get back a list of 
available shares on the server. 


If you get a "network name not found" or similar error then netbios 
name resolution is not working. This is usually caused by a problem in 
nmbd. To overcome it you could do one of the following (you only need 
to choose one of them): 


- fixup the nmbd installation 

- add the IP address of BIGSERVER to the "wins server" box in the 
advanced tcp/ip setup on the PC. 

- enable windows name resolution via DNS in the advanced section of 
the tcp/ip setup 

— add BIGSERVER to your lmhosts file on the PC. 


If you get a "invalid network name" or "bad password error" then the 
same fixes apply as they did for the "smbclient -L" test above. In 
particular, make sure your "hosts allow" line is correct (see the man 
pages) 


Also, do not overlook that fact that when the workstation requests the 
connection to the samba server it will attempt to connect using the 
name with which you logged onto your Windows machine. You need to make 
sure that an account exists on your Samba server with that exact same 
name and password. 


If you get "specified computer is not receiving requests" or similar 

it probably means that the host is not contactable via tcp services. 

Check to see if the host is running tcp wrappers, and if so add an entry in 
the hosts.allow file for your client (or subnet, etc.) 


Run the command "net use x: \\BIGSERVER\TMP". You should be prompted 
for a password then you should get a "command completed successfully" 
message. If not then your PC software is incorrectly installed or your 
smb.conf is incorrect. make sure your "hosts allow" and other config 
lines in smb.conf are correct. 


It's also possible that the server can't work out what user name to 
connect you as. To see if this is the problem add the line "user = 

USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the 

username corresponding to the password you typed. If you find this 

fixes things you may need the username mapping option. 


TEST 10: 
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From file manager try to browse the server. Your samba server should 
appear in the browse list of your local workgroup (or the one you 
specified in smb.conf). You should be able to double click on the name 
of the server and get a list of shares. If you get a "invalid 

password" error when you do then you are probably running WinNT and it 
is refusing to browse a server that has no encrypted password 
capability and is in user level security mode. In this case either set 
"security = server" AND "password server = Windows_NT_Machine" in your 
smb.conf file, or enabl ncerypted passwords AFTER compiling in support 
for encrypted passwords (refer to the Makefile). 


Still having troubles? 


Try the mailing list or newsgroup, or use the tcpdump-smb utility to 

sniff the problem. The official samba mailing list can be reached at 

samba@samba.org. To find out more about samba and how to 

subscribe to the mailing list check out the samba web page at 
http://samba.org/samba 


Also look at the other docs in the Samba package! 
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Appendix -E - Definition of NetBIOS Protocol and Name 


{== 


!== NetBIOS.txt for Samba release 2.0.5a ----- 22 Jul 1999 
{== 
Contributor: lkcl - samba-bugs@arvidsjaur.anu.edu.au 
Copyright 1997 Luke Kenneth Casson Leighton 
Date: March 1997 
Status: Current 
Updated: 12jun97 
Subject: Definition of NetBIOS Protocol and Name Resolution 
Modes 
NETBIOS 


NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. 
Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS 
Session Service NetBIOS Datagram Service, and NetBIOS Names, see 
rfcl001.txt and rfcl1002.txt. 


NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS 
datagrams to be sent out over the 'wire' embedded within LLC frames. 
NetBEUI is not required when using NetBIOS over TCP/IP protocols and it 

is preferable NOT to install NetBEUI if it can be avoided. 


IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is 
preferable NOT to install the IPX/SPX transport unless you are using Novell 
servers. At the very least, it is recommended that you do not install 
"NetBIOS over IPX/SPX'. 


[When installing Windows 95, you will find that NetBEUI and IPX/SPX are 
installed as the default protocols. This is because they are the simplest 
to manage: no Windows 95 user-configuration is required]. 


NetBIOS applications (such as samba) offer their services (for example, 
SMB file and print sharing) on a NetBIOS name. They must claim this name 
on the network before doing so. The NetBIOS session service will then 
accept connections on the application's behalf (on the NetBIOS name 
claimed by the application). A NetBIOS session between the application 
and the client can then commence. 


NetBIOS names consist of 15 characters plus a 'type' character. This is 
similar, in concept, to an IP address and a TCP port number, respectively. 
A NetBIOS-aware application on a host will offer different services under 
different NetBIOS name types, just as a host will offer different TCP/IP 
services on different port numbers. 


NetBIOS names must be claimed on a network, and must be defended. The use 
of NetBIOS names is most suitable on a single subnet; a Local Area Network 
or a Wide Area Network. 


NetBIOS names are either UNIQUE or GROUP. Only one application can claim a 
UNIQUE NetBIOS name on a network. 
There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. 


BROADCAST NetBIOS 


Clients can claim names, and therefore offer services on successfully claimed 
names, on their broadcast-isolated subnet. One way to get NetBIOS services 
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and 
SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make 
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. 


This, however, is not recommended. If you have a large LAN or WAN, you will 
find that some of your hosts spend 95 percent of their time dealing with 
broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find 
that this is already happening: a packet analyzer will show, roughly 

every twelve minutes, great swathes of broadcast traffic!]. 
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rfcl001.txt describes, amongst other things, the implementation and use 

of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' 
which is fully rfcl1001/2 compliant, but has had to take specific action 
with certain NetBIOS names in order to make it useful. (for example, it 
deals with the registration of <lc> <ld> <le> names all in different ways. 
I recommend the reading of the Microsoft WINS Server Help files for full 
details). 


Samba also offers WINS server capabilities. Samba does not interact 
with NT/AS (WINS replication), so if you have a mixed NT server and 
Samba server environment, it is recommended that you use the NT server's 
WINS capabilities, instead of samba's WINS server capabilities. 


The use of a WINS server cuts down on broadcast network traffic for 
NetBIOS name resolution. It has the effect of pulling all the broadcast 
isolated subnets together into a single NetBIOS scope, across your LAN 
or WAN, while avoiding the use of TCP/IP broadcast packets. 


When you have a WINS server on your LAN, WINS clients will be able to 
contact the WINS server to resolve NetBIOS names. Note that only those 
WINS clients that have registered with the same WINS server will be 
visible. The WINS server _can_ have static NetBIOS entries added to its 
database (usually for security reasons you might want to consider putting 
your domain controllers or other important servers as static entries, 

but you should not rely on this as your sole means of security), but for 
the most part, NetBIOS names are registered dynamically. 


[It is important to mention that samba's browsing capabilities (as a WINS 


client) must have access to a WINS server. if you are using samba also 
as a WINS server, then it will have a direct short-cut into the WINS 
database. 


This provides some confusion for lots of people, and is worth mentioning 
here: a Browse Server is NOT a WINS Server, even if these services are 
implemented in the same application. A Browse Server _needs_ a WINS server 
because a Browse Server is a WINS client, which is _not_ the same thing]. 
Clients can claim names, and therefore offer services on successfully claimed 
names, on their broadcast-isolated subnet. One way to get NetBIOS services 
(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and 
SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make 
your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. 
You will find, however, if you do this on a large LAN or a WAN, that your 
network is completely swamped by NetBIOS and browsing packets, which is why 
WINS was developed to minimise the necessity of broadcast traffic. 


WINS Clients therefore claim names from the WINS server. If the WINS 
server allows them to register a name, the client's NetBIOS session service 
can then offer services on this name. Other WINS clients will then 

contact the WINS server to resolve a NetBIOS name. 


Samba WINS Capabilities 


To configure samba as a WINS server, you must add "wins support = yes" to 
the [global] section of your smb.conf file. This will enable WINS server 
capabilities in nmbd. 


To configure samba as a WINS client, you must add "wins server = x.x.x.x" 

to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP 
address of your WINS server. The browsing capabilities in nmbd will then 

register (and resolve) WAN-wide NetBIOS names with this WINS server. 


Note that if samba has "wins support = yes", then the browsing capabilities 
will _not_ use the "wins server" option to resolve NetBIOS names: it will 
go directly to the internal WINS database for NetBIOS name resolution. It 
is therefore invalid to have both "wins support = yes" and 

"wins server = x.x.x.x". Note, in particular, that if you configure the 
"wins server" parameter to be the ip address of your samba server itself 
(as might one intuitively think), that you will run into difficulties. 

Do not use both parameters! 
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Appendix - F - Variable Substitutions in smb.conf 


Many of the strings that are settable in the config file can take substitutions. 
For example the option "path = /tmp/%u" would be interpreted as "path =/tmp/john" 
if the user connected with the username john. 


These substitutions are mostly noted in the descriptions below, but there are 
some general substitutions which apply whenever they might be 
relevant. These are: 


SS 
SP 
su 
sg 
SU 


SG 
SH 
SV 
sh 
sm 


SL 


M 
oN 


Sp 


SR 


sd 
$a 


SI 
ST 


the name of the current service, if any. 

the root directory of the current service, if any. 
user name of the current service, if any. 

primary group name of u. 


session user name (the user name that the client wanted, 
not necessarily the same as the one they got). 


primary group name of SU. 

the home directory of the user given by %u. 

the Samba version. 

the internet hostname that Samba is running on. 

the NetBIOS name of the client machine (very useful). 


the NetBIOS name of the server.This allows you to change your 
config based on what the client calls you. Your server can have 
a "dual personality". 


the internet name of the client machine. 


the name of your NIS home directory server.This is obtained 
from your NIS auto.map entry. If you have not compiled Samba 
with the --with-automount option then this value will be the 
same as %L. 


the path of the service's home directory, obtained from your 
NIS auto.map entry. The NIS auto.map entry is split up as "SN: 
pis. 

the selected protocol level after protocol negotiation. It can 
be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. 


X 


o 
fo} 


The process id of the current server process. 


the architecture of the remote machine.Only some are 
recognized, and those may not be 100% reliable. It currently 
recognizes Samba,WfWg, WinNT and Win95. Anything else will be 
known as "UNKNOWN". If it gets it wrong then sending a level 3 
log to samba-bugs@samba.org should allow it to be fixed. 


The IP address of the client machine. 


the current date and time. 
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Appendix - G - Examples of Windows Domains 


Backup Domain 


Local Backup Secondary WINS 
Controller 7) Browsey 4) Server 7) 
(Authentication) (Hosts Listing) (Name Service] 


SMB Server SMB Client __ SMB Server SMB Client SMB Server 
(File Share] (Windows 98) | |(File & Printer Share}} | pwindows NT) (Printer Share) 


Example of a Workgroup that spans over more than one subnet 


WINS Server 


Local Master 
Se Browser and 
Domain Master 
Browser 


synchronize. Local Master 
browse list niii Browser 


© 


192.168.233 subnet synchronize 
browse list 


BS 


í N \ | © 


192.168.190 subnet 


BS Local Master 


Browser 


192.168.220 subnet 


Figure 1-14. A workgroup that spans more than one subnet 
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Appendix - H -Short introduction to Samba 


1 - Installation: Via yast - serie 'n' , Package: samba 
2 - Auto-start at Boot-up: Via yast Parameter: START_SMB = yes in /etc/rc.config 
3 - Manual start/stop of Samba: rcsmb {start|stop|restart|reload|status} 
4 - See below: Appendix -I-Typical samba configuration of /etc/smb.conf 
- Testing samba comfiguration and listing all the default configurations: 
testparm > /etc/smb.conf.all ; less /etc/smb.conf.al1l 
- To get help on parameters: 
/usr/share/doc/packages/samba/htmldocs/smb.conf.5.html (From SuSE 7.0 on) 
/usr/share/samba/swat /help/smb.conf.5.html (From SuSE 8.0 on) 
Note: The Sharenames should be without space and no longer than 13 chars. 
5 - Create the users that will access the samba services and the appropriate directories: 
useradd -m username ; passwd username 
smbpasswd -a username (not needed if ClearTextPassword is set in windows clients) 
6 - Testing with smbclient: 
smbclient -L LocalIPNumber 
eg: smbclient -L 192.168.70.23 (local host IP or localhost) 
At word Password: just press <Enter> to get the listing of local samba shared resources. 
7-smbclient //ServerNetbiosName or IP/ResourceName -U UserName 
eg. smbclient //laptop/fred-harry -U fred 
The password from fred will be asked, and then use the typical ftp like commands. 
(eg. get, put, Is, pwd, etc) 
8-smbmount //ServerNetbiosName or IP/ShareName /MountPoint 
-o username=username, password=password,workgroup=workgroup 
eg. 
sant //laptop/public /mnt -o username=john, password=hallo, workgroup=ms01 
If successful then no error messages will appear. Check the mounting with. 
ls /mnt 
Note received in SuSE 7.1 and 7.2: The syntax of smbmount has changed! 
smbmount can not be called directly anymore. It will be called by a shell script / 
sbin/mount.smbfs, which will be called by mount. A sample call to smbfs: 
mount -t smbfs -o username=uname,password=passwd //smbserv/share /destination 


9 - Extra programs used in Linux to connect to Windows or Samba shares: 
Kruiser in serie 'kpa' - Very good for NetBIOS connections but exist no more in 7.x 
xsmbrowser - From www.samba.org. needs expect package from series ‘tcl’ 
konqueror - Delivered with KDE-2....quite slow at displaying shares and contents 
LinNeighborhood - 'xap' Very good : Note: Must add a Master Browser as localhost 
10 - Log files are in: /var/log/log.smb and /var/log/log.nmb 
11 - Using swat: 
- Enable the line "swat" in /etc/inetd.conf - Take the # out before the line 
- Restart the inetd daemon - rceinetd restart 
- http://localhost: 901 and use name = root and root password 


12 - Using webmin: get the latest version of webmin(www.webmin.com) (.rpm) and install it. 
-http://localhost:10000 and use name = root and root password 


13 - Other means of transfering data: 


FTP, NFS, mcserv + (mc), scp, rsync (from ssh in 'sec' series) 
pscp from Putty (Win prgm) 
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Appendix - | - Typical Configuration of smb.conf 


; /etc/smb.conf 
; Copyright (c) 1999 SUSE GmbH Nuernberg, Germany. 


[global] 


workgroup = WORKGROUP 
guest account = nobody 
keep alive = 30 

os level = 2 

kernel oplocks = false 
security = user 


; Uncomment the following, if you want to use an existing NT-Server to authenticate users, but don't 
; forget that you also have to create them locally!!! 

; security = server 

; password server = 192.168.1.10 


encrypt passwords = yes 
null passwords = yes 


printing = cups 
; printcap name = /etc/printcap 
load printers = yes 


socket options = TCP_NODELAY 
map to guest = Bad User 


; Uncomment this, if you want to integrate your server into an existing net 
; e.g. with NT-WS to prevent nettraffic. 
local master = no 


; Please uncomment the following entry and replace the ip number and netmask with the correct numbers 
for your ethernet interface. 


interfaces = ethO eth0:1 eth0:2 
socket address 192.168.10.1 
socket address 192.168.20.1 
socket address 192.168.30.1 


; If you want Samba to act as a wins server, please set 'wins support = yes' 
wins support = no 


; If you want Samba to use an existing wins server, please uncomment the following line and replace 
; the dummy with the wins server's ip number. 
; wins server = 192.168.1.1 


; Do you wan't samba to act as a logon-server for your windows 95/98 clients, so uncomment the 
; following: 

; logon script =%U.bat 

; domain logons = yes 

; domain master = yes 

; [netlogon] 

; path = /netlogon 
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H#------------------------------- Shares -------------------------- 
Note: Here the /home/<user>/data MUST exist 


A dynamicly assigned directory to each user. 
[homes] 
comment = Heimatverzeichnis 
path = /home/%U/data 
browseable = no 
read only = no 
create mode = 0750 
[cdrom] 
comment = Linux CD-ROM 
path = /cdrom 
read only = yes 
locking = no 


public = yes 
[printers] 

comment = All Printers 

browseable = no 

printable = yes 

public = yes 

read only = yes 

create mode = 0700 

directory = /tmp 


Michel Bisson 


To do in system: 

(as root user) 

useradd -m <user> 

smbpasswd -ae <user> 

mkdir /home/<user>/data 

chown <user>.users /home/<user>/data 
chmod 755 /home/<user>/data 


A fully readable and writeable directory accessible for all valid users. 


[transfer] 
path = /transfer 
public = yes 
printable = no 
writeable = yes 
create mode = 0777 


A read only directory accessible for all valid users. 


[install] 
comment = Installation Directory 
path = /install 
public = yes 


read only = 
locking = no 


yes 


To do in system: 


(as root user) 


mkdir /transfer 
chmod 777 /transfer 


To do in system: 


(as root user) 


mkdir /install 
chmod 755 /install 


A readable/writable directory only accessible from as user fred and harry: It is actually owned by fred but 
also accessible and writable from harry. Fred and Harry users must be part of a group that is not the regular 


user's group. eg. group extra 
[fredsco] 
comment = common for Fred and Harry 
path = /common/fred 
valid users = fred harry 
public = no 
writeable =yes 


To do in system: ---------------------- > 


(as root user) 


groupadd extra 
useradd -m -g 
useradd -m -g 
smbpasswd -ae 
smbpasswd -ae 


extra fred 
extra harry 
fred 
harry 


/home/fred/data 
/home/harry/data 

fred.extra /home/fred/data 
harry.extra /home/harry/data 


mkdir 
mkdir 
chown 
chown 


-p /common/fred 

755 /common 

770 /common/fred 
fred.extra /common/fred 


mkdir 
chmod 
chmod 
chown 
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